G-Book 1.0 XSS And Other Vulnerabilities

2006.03.28
Credit: matrix_killer
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

------------------------------------------------------ HYSA-2006-006 h4cky0u.org Advisory 015 ------------------------------------------------------ Date - Mon March 27 2006 TITLE: ====== G-Book 1.0 XSS, Possible authentication bypass & mass message flood SEVERITY: ========= High SOFTWARE: ========= G-Book 1.0 Support Website - http://www.6al.net/six/ INFO: ===== G-book is extremely simple to customize and publish. There is no need for a MySQL Database. The script incorporates features such as administration panel, MESSAGE APPROVAL, smilies, divided posts by pages etc. Its graphics can be altered effortlessly through the CSS file. In addition, G-book supports multiple languages. DESCRIPTION: ============ G-Book 1.0 is vulnerable to a XSS attack and you can also get admin access to the guestbook if the user hasn't deleted his cookie. --==XSS==-- In the message board post a message with something like this: <script>alert();</script> Another bug in G-Book is that a user can post as many messages as he wants to. FIX: ==== htmlspecialchars + a logout button which will destroy the cookies and post cotrol. VENDOR RESPONSE: ================ Bug will be fixed in the next version. CREDITS: ======== - This vulnerability was discovered and researched by matrix_killer of h4cky0u Security Forums - mail : matrix_k at abv.bg web : http://www.h4cky0u.org - Co-Researcher - h4cky0u of h4cky0u Security Forums. mail : h4cky0u at gmail.com web : http://www.h4cky0u.org Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!! ORIGINAL ADVISORY: ================== http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top